According to an article from Fudzilla, the openSUSE Forums were hacked recently by a Pakistani hacker going by the name of “H4x0r HuSsY”. The hack is said to have been based on a vulnerability in vBulletin 4.2.1 software which SUSE uses to host the forum. Apparently, the hack has revealed that openSUSE Forums were based on proprietary forum software. Of course, the openSUSE team has denied that the users’ passwords were compromised by the hack.
“The credentials for your openSUSE login are not saved in our application databases as we use a single-sign-on system (Access Manager from NetIQ) for all our services. This is a completely separate system and it has not been compromised by this crack,” the team said.
The compromised passwords reported were random automatically strings, having no connection whatsoever to user passwords. The bit of good news is helpful, especially for the users concerned whether or not their passwords had been compromised.
However, openSUSE is also wondering if the hack would have occurred if they had used an open source technology instead of the current vBulletin. All in all, it’s better to look forward and improve security now rather than dwell in the past with “what if”‘s.
Thank you Fudzilla for providing us with this information
